Skip to content

Allow RemoteDesktop requests if they come from a non-sandboxed app

Aleix Pol Gonzalez requested to merge work/apol/remotedesktop-auth into master

If an app is run outside of the sandbox, grant them RemoteDesktop privileges. Un-sandboxed apps like those installed from the distro or AppImage have unlimited access to the system already so there is no security to be gained, but we may as well offer them access to the same codepath that sandboxed apps use to improve the UX and offer better functionality.

Accordingly, this MR refactors the SNI for screen sharing so that it applies to RemoteDesktop sessions as well and makes sure that the messaging is properly tailored to the use-case.

Note for the kind reviewers:

  • Non-sandboxed apps will be granted RemoteDesktop capabilities and will show a notification about it happening with the same contents as the confirmation dialog. This can be tested with krfb as is, or with kde connect with network/kdeconnect-kde!501 (merged) applied.
  • The SNI we get when in a screenshare session is now 1 per session rather than 1 per stream (can be tested with OBS and Firefox).
  • Polishing the text of the different notifications and SNI could make sense. We could do it either in this MR or in a future iteration as it's not trivial to test this.
Edited by Nate Graham

Merge request reports